UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The Solaris system EEPROM security-mode parameter must be set to full or command mode.


Overview

Finding ID Version Rule ID IA Controls Severity
V-958 GEN000000-SOL00300 SV-958r2_rule ECCD-1 ECCD-2 Medium
Description
If the EEPROM security-mode parameter is not set to full or command, then unauthorized access to system EEPROM can take place. In normal situations, when the system is in a controlled access area and it is desirable to have it automatically reboot upon loss of and restoring of power, for instance, then command mode with the autoboot parameter set to true is recommended.
STIG Date
Solaris 9 SPARC Security Technical Implementation Guide 2014-01-08

Details

Check Text ( C-2254r2_chk )
If the system does not have an OBP / EEPROM, this is not applicable.

# eeprom | grep security-mode

If the EEPROM security-mode parameter is not set to full or command, this is a finding.
Fix Text (F-1112r2_fix)
Set the system EEPROM security-mode parameter to full or command.

# eeprom security-mode=full
OR
# eeprom security-mode=command

The system will prompt the user for a password. This should be securely stored.